In-Reply-To: <00256D43.003E90C3.00at_private>

NMAP port scan would also crash old MVS (IBM mainframe) systems. The problem I encountered in the past was the sockets opened by nmap to the MVS system stayed in the queue, which caused a performance problem on the system. The result was a system crash. You would also experience the same thing on most legacy systems such as VMS.

The best way to resolve issues like this is to update your system, and if anything minimize the number of threads being probed by nmap using a timer (nmap -T polite -v -sTU XXX.XXX.XXX.XXX).

>From: steve.x.jonesat_private
>To: pen-testat_private
>Message-ID: <00256D43.003E90C3.00at_private>
>Date: Thu, 12 Jun 2003 11:23:06 +0000
>Subject: Port scan causing system crashes
>
>Hello
>
>Please can you help? Has anyone else out there had issues with NMAP port scans
>(or any other port scanner) causing systems to crash?
>
>I use Nessus to baseline the security of our systems and have twice had problems
>caused by the NMAP port scan on clustered unix boxes running our enterprise
>applications. NOTE - it was the initial port scan that caused the problems, not
>the subsequent vulnerability assessment.
>I've done a quick Google search and found confirmation for one of the systems -
>BUGTRAQ Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability",
>the other was a bespoke app running on some HP UX boxes.
>
>Does anyone know of other systems that fall over with a simple port scan?
>
>Up till now I've been running port scans happily across our subnets to look for
>rogue FTP, SMTP, HTTP etc, obviously I'll have to take more care now...
>
>Thanks in advance for any help.
>
>Steve
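Added example, not part of either post: a small planner for the routine subnet sweep discussed in this thread that keeps known-fragile hosts out of the bulk scan and gives each one its own slower, serialized command. The function names, the documentation-range addresses and the 21,25,80 port list are assumptions made for illustration; --exclude, --max-parallelism and --scan-delay are standard nmap options that the thread itself does not mention.

```python
import ipaddress
import shlex

# Constructed sample inventory (documentation address ranges, not from the thread).
SCAN_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]
FRAGILE_HOSTS = {
    "192.0.2.10": "HACMP cluster node",
    "192.0.2.11": "HACMP cluster node",
    "203.0.113.5": "legacy mainframe, outside the scan ranges",
}

def split_fragile(scan_ranges, fragile_hosts):
    """Return (in_scope, out_of_scope) fragile addresses in numeric order."""
    nets = [ipaddress.ip_network(r) for r in scan_ranges]
    in_scope, out_of_scope = [], []
    for host in sorted(fragile_hosts, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(host)
        hit = any(addr in net for net in nets)
        (in_scope if hit else out_of_scope).append(host)
    return in_scope, out_of_scope

def bulk_scan_cmd(scan_ranges, excluded):
    """Routine sweep: polite timing, fragile hosts excluded outright."""
    cmd = ["nmap", "-T", "polite", "-v", "-sT"]
    if excluded:
        cmd += ["--exclude", ",".join(excluded)]
    return cmd + list(scan_ranges)

def fragile_scan_cmd(host, ports="21,25,80"):
    """One fragile host per run: a single probe in flight, a pause
    between probes, and only the ports the sweep is looking for."""
    return ["nmap", "-T", "polite", "-v", "-sT",
            "--max-parallelism", "1", "--scan-delay", "1s",
            "-p", ports, host]

def plan(scan_ranges, fragile_hosts):
    """Bulk command first, then one command per in-scope fragile host."""
    in_scope, _ = split_fragile(scan_ranges, fragile_hosts)
    return [bulk_scan_cmd(scan_ranges, in_scope)] + \
           [fragile_scan_cmd(h) for h in in_scope]

if __name__ == "__main__":
    # Print the commands for review; nothing is executed here.
    for cmd in plan(SCAN_RANGES, FRAGILE_HOSTS):
        print(shlex.join(cmd))
```

The per-host commands are meant to be run separately, with the system owner's agreement, rather than as part of the unattended sweep.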
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 13:28:17 PDT